To get started with installing Graylog, do the following:
Create a VM using the following:
- Image: Ubuntu 18.04 LTS
- Minimum Size: B2s (~$30/month)
- Open ports 80,443,22
SSH into the server and follow this guide to get Graylog installed.
To set up public access, set the following variables in Graylog config file:
Once fully installed, set up an Apache reverse proxy:
Then restart both servers:
To verify installation, access at <IP_ADDRESS> to verify the installation. If you see the Graylog login screen, you’ve successfully set up the server.
Finish by setting the SSH networking rule to a trusted IP to improve security.
Set up HTTPS using Let’s Encrypt
To set up HTTPS using Let’s Encrypt, use the Certbot directions.
Once that’s done, make sure to change
http_external_uri in the Graylog config file and restart Graylog.
Send Kubernetes Logs to Graylog
First, SSH into the server and configure Elasticsearch (
/etc/elasticsearch/elasticsearch.yml) to bind to the private IP of the VM:
Restart Elasticsearch, then configure Graylog to listen to the new Elasticsearch host:
Restart Graylog, then open the firewall to allow for port 9200 to be accessible by the cluster IP. Confirm access by trying to hit port 9200.
Next, set up an input in Graylog.
After that, create the RBAC role for the cluster (fluentd-rbac.yml):
Then create the daemonset, changing the container environment variables as needed (fluentd-daemonset.yml):
Deploy both of these out:
Then check the logs of the daemonset to confirm correct connection:
Sending Azure App Service Logs to Graylog
To get started, create the following:
- Azure Function App
- Azure Event Hubs
For the App Service in place, enable “Diagnostic logs” and send them to the Event Hub.
TO BE CONTINUED
Increase Heap Size
To increase the heap size, edit
/etc/default/graylog-server, then restart